Improper Neutralization Of Special Elements In Data Query Logic

Dgraph is vulnerable to Improper Neutralization of Special Elements in Data Query Logic. The vulnerability is due to improper sanitization of the user-controlled cond field in upsert mutations, which allows an attacker to inject arbitrary DQL query blocks and gain unauthorized read access to...

CVE-2026-41327

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack is a...

PT-2026-35032

Name of the Vulnerable Software and Affected Versions Dgraph versions prior to 25.3.3 Description An issue in Dgraph allows an unauthenticated attacker to gain full read access to all data in the database when the default configuration is used and Access Control Lists ACL are not enabled. The fla...

EMC Documentum Content Server DQL Injection Vulnerability

EMC Documentum Content Server is a content management service system from EMC. A DQL injection vulnerability exists in EMC Documentum Content Server because the program fails to properly filter user-submitted input. A remote attacker can exploit the vulnerability by sending a specially crafted...